It has been reported that a security researcher has discovered an unsecured Amazon Simple Storage Solution (S3) database containing more than 31,000 images of users’ passports, driver’s licenses, evidence of age documents, and more. These files are publicly accessible to anyone who has the URL and appears to be owned by the Wellington, New Zealand company LPM Property Management. This particular bucket seems to host images from LPM’s service. Out of the 31,610 files contained in the database, only 15 files are not images. The files include: Passports, both expired and active, both from New Zealand and abroad Drivers licenses with ID numbers, donor statuses,…
ISBuzz Team
A security firm that last month highlighted spyware hidden in Chinese tax software issued a new report Tuesday shedding more light on how Western companies doing business in China are targeted for industrial espionage. Analysts at cybersecurity firm Trustwave say they have discovered a new type of malware they say was embedded in sales tax software — a different, older malicious tool than the previous one they found. In June, Trustwave’s SpiderLabs reported on malware they called GoldenSpy, which was hidden inside software that their client, a tech firm with ties to the U.S. defence industry, was required to install to pay local taxes.…
Study finds lockdown’s furloughed and laid off staff set to trigger spike in DSARs for HR Officers Fall-out from lockdown is already causing difficulty meeting data compliance obligations for 75% of Britain’s Data Protection Officers (DPOs), according to a survey by British data privacy experts Guardum. The vast majority (72%) expect a backlog of Data Subject Access Requests (DSARs) to be waiting for them while the remaining 3% fear there will be a mountain of DSARs to complete when they return to the office. The challenge is set to remain for the foreseeable future. Nearly a third (30%) of Data Protection Officers (DPOs) are expecting a…
It has been reported that Twitter accounts of billionaires Elon Musk, Jeff Bezos and Bill Gates and many other prominent figures are hacked in an apparent Bitcoin scam. The tweets generated from these high profile accounts are asking for donations in cryptocurrency. It was a “co-ordinated” attack targeting Twitter employees with access to internal systems and tools. Industry leaders provide an insight into this breach below.
The research conducted by Specops shows which countries across the world have experienced the most “significant” cyber-attacks between May 2006 and June 2020 and the results are below.
The MGM Resorts 2019 data breach is much larger than initially reported, and is now believed to have impacted more than 142 million hotel guests, and not just the 10.6 million that ZDNet initially reported back in February 2020. The new finding came to light over the weekend after a hacker put up for sale the hotel’s data in an ad published on a dark web marketplace. According to the ad, the hacker is selling the details of 142,479,937 MGM hotel guests for a price of just over $2,900. More information: https://www.zdnet.com/article/a-hacker-is-selling-details-of-142-million-mgm-hotel-guests-on-the-dark-web/
It has been reported that analysis of the Alexa top 1000 websites revealed that there is a lack of security controls to prevent customer data theft. The main threat vectors are Magecart attacks, formjacking, cross-site scripting, and credit card skimming aim to exploit the vulnerable JavaScript integrations running on 99% of the world’s top websites.
In response to news that the India-based, Google-backed food delivery service Dunzo suffered a data breach, cybersecurity experts offer perspective.
Hackers infiltrated Collabera, siphoned off at least some employees’ personal information, and infected the US-based IT consultancy giant’s systems with ransomware.
It has been reported that a notorious botnet campaign activity has increased over the past months via phishing emails. The cybersecurity expert provides an insight below.